Application Ser. No. 10/600,121 
AMENDMENTS TO THE CLAIMS 

1. (previously presented) An apparatus for proving authentication when a 
user is not present, said apparatus comprising: 

a Web service client coupled to a service provider; 

an online wallet configured to store and selectively release financial
information of various users;

a discovery service;

wherein:

said Web service client, said service provider, said Web service provider, 
and said discovery service agree to work with each other; and 

an act of releasing financial information of the given user from the online 
wallet to fund an online purchase transaction on behalf of a given 
user without a live authenticated session of the given user with the 
Web service client is conditioned upon receiving proof of authority 
to conduct the requested purchase transaction without the live 
authenticated session. 

2. (original) The apparatus of Claim 1, wherein said Web service client 
comprises an assertion, said assertion comprising a statement that said user has 
an authenticated session. 

3. (original) The apparatus of Claim 2, wherein said assertion is signed by an 
authority. 

4. (original) The apparatus of Claim 3, wherein said authority is an identity 
provider of said discovery service. 

5. (original) The apparatus of Claim 2, wherein said statement comprises, 
but is not limited to, the following information: 

a system entity that made said assertion; 

a system entity making a request;

a system entity relying on said assertion; and 

a name identifier of said user in a namespace of said system entity that 
made said assertion to said system entity relying on said assertion. 

6. (original) The apparatus of Claim 5, wherein said system entity making
said assertion is an identity provider of said discovery service. 

7. (original) The apparatus of Claim 5, wherein said system entity making a 
request is said Web service client. 

8. (previously presented) The apparatus of Claim 5, wherein said system 
entity relying on said assertion is said online wallet. 

9. (previously presented) The apparatus of Claim 5, wherein said asserting
party is said Web service client and said relying party is said online wallet.

10. (previously presented) The apparatus of Claim 2, wherein said statement 
is included in an extended assertion that is given to said online wallet at time of 
authentication. 

11. (original) The apparatus of Claim 1, further comprising:

means for said Web service client presenting to said discovery service a 
service assertion obtained from a second system entity, wherein 
said service assertion comprises a user presence statement; and 

means for said discovery service issuing a new service assertion 
comprising a new user presence statement, said new service 
assertion and said new user presence statement associated with 
said second system entity. 

12. (original) The apparatus of Claim 11, wherein said second system entity is
a second Web service client.

13. (original) The apparatus of Claim 1, further comprising means for said 
discovery service recording and storing user statement information. 

14. (original) The apparatus of Claim 13, wherein said recorded and stored 
user statement information is in the form of a table.

15. (previously presented) The apparatus of Claim 1, further comprising 
means for said online wallet storing a ticket for checking said permission to 
request a service. 

16. (previously presented) The apparatus of Claim 1, further comprising 
means for testing a request to said Web service while a user is still present, 
wherein either or both said discovery service and said online wallet can perform 
real-time consent informational data collection from a user without having 
actually performed a particular transaction. 

17. (previously presented) A method for proving authentication when a user is 
not present, said method comprising the steps of: 

providing a Web service client coupled to a service provider; 

providing an online wallet configured to store and selectively release
financial information of various users;

providing a discovery service;

wherein:

said Web service client, said service provider, said Web service provider, 
and said discovery service agree to work with each other; and 

an act of releasing financial information of the given user from the online 
wallet to fund an online purchase transaction on behalf of a given 
user without a live authenticated session of the given user with the 
Web service client is conditioned upon receiving proof of authority
to conduct the requested purchase transaction without the live 
authenticated session. 

18. (original) The method of Claim 17, wherein said Web service client 
comprises an assertion, said assertion comprising a statement that said user has 
an authenticated session. 

19. (original) The method of Claim 18, wherein said assertion is signed by an 
authority. 

20. (original) The method of Claim 19, wherein said authority is an identity 
provider of said discovery service. 

21. (original) The method of Claim 18, wherein said statement comprises, but 
is not limited to, the following information:

a system entity that made said assertion; 

a system entity making a request; 

a system entity relying on said assertion; and 

a name identifier of said user in a namespace of said system entity that
made said assertion to said system entity relying on said assertion. 

22. (original) The method of Claim 21, wherein said system entity making said
assertion is an identity provider of said discovery service. 

23. (original) The method of Claim 21, wherein said system entity making a 
request is said Web service client. 

24. (currently amended) The method of Claim 21, wherein said system entity 
relying on said assertion is said online wallet.

25. (previously presented) The method of Claim 21, wherein said asserting
party is said Web service client and said relying party is said online wallet. 

26. (previously presented) The method of Claim 18, wherein said statement is 
included in an extended assertion that is given to said online wallet at time of 
authentication. 

27. (original) The method of Claim 17, further comprising the steps of:

said Web service client presenting to said discovery service a service 
assertion obtained from a second system entity, wherein said 
service assertion comprises a user presence statement; and 

said discovery service issuing a new service assertion comprising a new 
user presence statement, said new service assertion and said new 
user presence statement associated with said second system 
entity. 

28. (original) The method of Claim 27, wherein said second system entity is a 
second Web service client. 

29. (original) The method of Claim 17, further comprising the step of said 
discovery service recording and storing user statement information. 

30. (previously presented) The method of Claim 29, wherein said recorded 
and stored user statement information is in the form of a table. 

31. (previously presented) The method of Claim 17, further comprising the
step of said online wallet storing a ticket for checking said permission to request 
a service. 

32. (previously presented) The method of Claim 17, further comprising the 
step of testing a request to said online wallet while a user is still present, wherein 
either or both said discovery service and said online wallet can perform real-time
consent informational data collection from a user without having actually 
performed a particular transaction. 

33. (previously presented) A method for invoking authenticated transactions 
on behalf of a user when the user is not present, said method comprising the 
steps of: 

a service provider, at a time when a user is present, asking the user if said 
service provider can perform a particular transaction at a later point 
in time when the user is not present, wherein if the user indicates 
yes, then said service provider sending a notification to register with 
any of, or both of: 

a trusted discovery service; and

a user activated online wallet confidentially storing financial data of
the user sufficient to fund the particular transaction;

wherein while the user is still present, the user can be asked to provide
informational content related to said particular transaction; and

at a time when the user is not present, the service provider initiating the
particular transaction and requesting the online wallet to release
financial data of the user.

34. (previously presented) The method of Claim 33, further comprising the 
step of a discovery service checking if the user gave permission for contacting 
said online wallet when the user is not present, and if permission is granted, 
allowing control to go to said online wallet. 

35. (previously presented) The method of Claim 33, further comprising any of 
the steps of said Web service provider: 

trusting said discovery service performed checking for permission and
accepting that if said discovery service indicates the user gave
permission, then said online wallet performing said particular
transaction; and 

said online wallet deciding to perform checking for permission, and 
subsequently performing said particular transaction if said online 
wallet determines permission is granted. 

36. (original) The method of Claim 33, further comprising the step of providing
a user capability of reviewing and modifying stored permissions. 

37. (original) The method of Claim 33, further comprising the step of providing 
robust security by having trust kept centrally in said discovery service. 

38. (previously presented) The method of Claim 33, further comprising said 
discovery service supporting a plurality of different types of online wallet. 

39. (previously presented) An apparatus for invoking authenticated 
transactions on behalf of a user when the user is not present, comprising: 

a computer driven service provider, configured to perform operations 
comprising, at a time when a user is present, asking the user if said 
service provider can perform a particular transaction at a later point 
in time when the user is not present, wherein if the user indicates 
yes, then said service provider sending a notification to register with 
any of, or both of: 

a trusted discovery service; and

a user activated online wallet confidentially storing financial data of
the user sufficient to fund the particular transaction;

wherein while the user is still present, the user can be asked to provide
informational content related to said particular transaction; and

wherein the service provider is configured to perform further operations
comprising, at a time when the user is not present, initiating the
particular transaction and requesting the online wallet to release
financial data of the user.

40. (previously presented) The apparatus of Claim 39, further comprising 
means for a discovery service checking if the user gave permission for contacting 
said online wallet when the user is not present, and if permission is granted, 
allowing control to go to said online wallet. 

41. (previously presented) The apparatus of Claim 39, further comprising the 
online wallet, the online wallet being programmed to perform operations 
comprising: 

trusting said discovery service performed checking for permission and 
accepting that if said discovery service indicates the user gave 
permission, then said online wallet performing said particular 
transaction; and 

said online wallet deciding to perform checking for permission, and 
subsequently performing said particular transaction if said online 
wallet determines permission is granted. 

42. (original) The apparatus of Claim 39, further comprising means for 
providing a user capability of reviewing and modifying stored permissions. 

43. (original) The apparatus of Claim 39, further comprising means for
providing robust security by having trust kept centrally in said discovery service. 

44. (previously presented) The apparatus of Claim 39, further comprising
means for said discovery service supporting a plurality of different types of online 
wallet. 

45. (previously presented) A process for establishing user authentication
when the user is not present, comprising operations of:

at a time when the user is engaged in a live authenticated session with an
online service provider, the online service provider asking the user 
for permission for the online service provider to conduct at least 
one subject purchase at a later point in time when the user is no 
longer engaged in a live authenticated session with the online 
service provider; 

responsive to an affirmative answer, the online service provider sending 
registration data to at least one of: 

a trusted discovery service;

an online wallet responsible for providing finance information to
carry out the subject purchase;

at a time when the user is not present, the online service provider initiating
a purchase transaction on behalf of the user, and in response
thereto, submitting a request to reveal finance information of the
user to implement the purchase transaction, the request being
submitted to the trusted discovery service;

responsive to the request, the performing at least one of the following
operations:

the trusted discovery service checking for presence of the 
registration to determine if the user gave prior permission for 
conducting the requested transaction with the online wallet 
when the user is not present, and if so, the trusted discovery 
service authorizing the online wallet to reveal the requested 
finance information of the user to complete the requested 
transaction; 

in the event registration lies with the online wallet, the trusted
discovery service forwarding the request to the online wallet
for determination therein as to whether the user gave prior
permission for conducting the requested transaction with the
online wallet.

46. (previously presented) The process of claim 45, the operations further
comprising:

if the user gave prior permission, the online wallet revealing the requested 
finance information of the user to complete the purchase 
transaction even though the user is not engaged in a live 
authenticated session with the online service provider. 

47. (previously presented) The process of claim 45, the operations further 
comprising: 

responsive to the trusted discovery service authorizing the online wallet to 
complete the transaction, the online wallet verifying the registration 
data as a condition to revealing the requested finance information. 

48. (previously presented) The method of claim 45, where the operation of
submitting the request to the trusted discovery service comprises:

the online service provider making the request via client software 
representing the user. 

49. (previously presented) The process of claim 45, the online service
provider further comprising web services client software. 

50. (previously presented) The process of claim 45, the operations further
comprising: 

while the user is engaged in a live authenticated session with the online service 
provider, conducting a test transaction short of actually completing the 
transaction in order to verify that the test transaction can be successfully carried 
out at a later time when the user is not engaged in a live authenticated session 
with the online service provider. 